Dynamic Enforcement of Dynamic Policies
Paper in proceedings, 2015

This paper presents SLIO, an information-flow control mechanism enforcing dynamic policies: security policies which change the relation between security levels while the system is running. SLIO builds on LIO, a floating-label information-flow control system embedded in Haskell that uses a runtime monitor to enforce security. We identify an implicit flow arising from the decision to change the policy based on sensitive information and introduce a corresponding check in the enforcement mechanism. We provide a formal security guarantee for SLIO, presented as a knowledge-based property, which specifies that observers can only learn information in accordance with the level ordering. Like LIO, SLIO is a generic enforcement mechanism, parametrised on the concrete instantiation of security labels and their policy change mechanism. To illustrate the applicability of our results, we implement well-known label models such as DLM, the Flowlocks framework, and DC labels in SLIO.

Author

Pablo Buiras

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Bart van Delft

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

PLAS 2015

28-41

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Science

DOI

10.1145/2786558.2786563

ISBN

978-1-4503-3661-1

More information

Created

10/7/2017